{
  "type": "URL",
  "indicator": "https://o.event.target",
  "general": {
    "sections": [
      "general",
      "url_list",
      "http_scans",
      "screenshot"
    ],
    "indicator": "https://o.event.target",
    "type": "url",
    "type_title": "URL",
    "validation": [],
    "base_indicator": {
      "id": 3864956847,
      "indicator": "https://o.event.target",
      "type": "URL",
      "title": "",
      "description": "",
      "content": "",
      "access_type": "public",
      "access_reason": ""
    },
    "pulse_info": {
      "count": 6,
      "pulses": [
        {
          "id": "69cc876e1a85eb578af3460c",
          "name": "Gatsby.",
          "description": "The results of an analysis of data gathered from a single web address are published on the website of the University of California, San Francisco, as part of its 2016/17 Research into Open Access.<pretext.fb43553d906781edd1ae894cf50d7735a1207fcad1123eb837d55eb4d448fed4",
          "modified": "2026-04-13T23:15:43.048000",
          "created": "2026-04-01T02:48:14.165000",
          "tags": [
            "a nxdomain",
            "unknown",
            "ip address",
            "domain",
            "present jun",
            "files",
            "ip related",
            "pulses otx",
            "pulses",
            "tags",
            "number",
            "ja3s",
            "get http",
            "ja3 client",
            "ja3 server",
            "ssdeep",
            "file type",
            "magic ascii",
            "crlf line",
            "trid digital",
            "unix",
            "cache entry",
            "zstandard",
            "dictionary id",
            "extra info",
            "process",
            "performs dns",
            "urls",
            "domain ip",
            "tls version",
            "https"
          ],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 1,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "msudosos",
            "id": "381696",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "URL": 272,
            "domain": 168,
            "hostname": 281,
            "FileHash-MD5": 170,
            "FileHash-SHA1": 51,
            "FileHash-SHA256": 113,
            "IPv4": 14,
            "email": 6
          },
          "indicator_count": 1075,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 49,
          "modified_text": "5 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        },
        {
          "id": "6842489989d6db4d41fd8322",
          "name": "Vulnerable Driver Load",
          "description": "Here is the full list of malicious Windows drivers, which can be blocked with the help of a special tool, or a built-in system, if you want to know what to do with it.",
          "modified": "2025-07-06T01:00:17.231000",
          "created": "2025-06-06T01:47:05.317000",
          "tags": [
            "malicious",
            "vulnerable",
            "living",
            "land drivers",
            "premium",
            "windows",
            "feel",
            "strong",
            "json",
            "sysmon",
            "subdomains",
            "whasz",
            "html internet",
            "magia dokument",
            "html",
            "ascii",
            "z bardzo",
            "triid plik",
            "magika html",
            "rozmiar",
            "zgoszenie",
            "error",
            "100255",
            "255100",
            "number",
            "e100",
            "100i100n",
            "65535255",
            "25565535",
            "mmm d",
            "typeof window",
            "null",
            "bubble",
            "radar",
            "false",
            "click",
            "isitem",
            "dark",
            "copy",
            "shell",
            "panelbox",
            "document",
            "code",
            "body",
            "light",
            "mark",
            "date",
            "scroll",
            "target",
            "blank",
            "back",
            "main",
            "lowfi"
          ],
          "references": [
            "https://loldrivers.io/",
            "https://www.loldrivers.io/js/chart.min.js",
            "https://www.loldrivers.io/js/bundle.7cd1a644ff4540d19bfa43f193df74afce746a0213920f45d73bf720542f682d81b6ad0320242744d332512cfb63eac5790fab1a240d6e6c8cb89f25fcacfbd7.js",
            "https://www.loldrivers.io/favicons/browserconfig.xml"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [
            {
              "id": "T1140",
              "name": "Deobfuscate/Decode Files or Information",
              "display_name": "T1140 - Deobfuscate/Decode Files or Information"
            }
          ],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 20,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "Arek-BTC",
            "id": "212764",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-MD5": 1885,
            "FileHash-SHA1": 1367,
            "FileHash-SHA256": 1615,
            "hostname": 214,
            "domain": 52,
            "URL": 468,
            "CVE": 2
          },
          "indicator_count": 5603,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 123,
          "modified_text": "287 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        },
        {
          "id": "67a7f06a5d0f22ad92684646",
          "name": "WebForm.com.gov.pl/CEIDG/ScriptResource.axd",
          "description": "The following is the full text of the WebForm.com.gov.pl/CEIDG/ScriptResource.axd, following the following:.au, for the first time.",
          "modified": "2025-05-14T21:27:17.040000",
          "created": "2025-02-09T00:01:46.054000",
          "tags": [
            "null",
            "nie mona",
            "array",
            "input",
            "nonmsdombrowser",
            "object",
            "html",
            "component",
            "body",
            "horizontal",
            "date",
            "calendar",
            "february",
            "april",
            "june",
            "august",
            "iframe",
            "form",
            "friday",
            "explorer",
            "target",
            "error",
            "legend",
            "this",
            "type",
            "regexp",
            "elem",
            "index",
            "function",
            "handle",
            "check",
            "safari",
            "expando",
            "android",
            "false",
            "hooks",
            "copy",
            "prop",
            "class",
            "mark",
            "window",
            "code",
            "capture",
            "accept",
            "seed",
            "override",
            "hook",
            "look",
            "loop",
            "install",
            "pass",
            "enough",
            "bind",
            "core",
            "local",
            "verify",
            "done",
            "find",
            "internal",
            "inject",
            "possible",
            "hold",
            "middle",
            "guard",
            "fall",
            "stop",
            "panic",
            "back",
            "restrict",
            "speed",
            "turn",
            "grab",
            "getclass",
            "jquery",
            "bubble",
            "anchor",
            "shift"
          ],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [
            {
              "id": "T1134",
              "name": "Access Token Manipulation",
              "display_name": "T1134 - Access Token Manipulation"
            },
            {
              "id": "T1027",
              "name": "Obfuscated Files or Information",
              "display_name": "T1027 - Obfuscated Files or Information"
            },
            {
              "id": "T1059",
              "name": "Command and Scripting Interpreter",
              "display_name": "T1059 - Command and Scripting Interpreter"
            }
          ],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 13,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "Arek-BTC",
            "id": "212764",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "URL": 1143,
            "domain": 155,
            "hostname": 523,
            "FileHash-SHA256": 151
          },
          "indicator_count": 1972,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 122,
          "modified_text": "339 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        },
        {
          "id": "66246ff49ed29ea9bb2bf122",
          "name": "S\u0105d Rejonowy w Jeleniej Gorze  POLAND",
          "description": "Przechowywania lub dost\u0119pu do plik\u00f3w cookies w Twojej przegl\u0105darce\nhttps://www.virustotal.com/gui/domain/jelenia-gora.sr.gov.pl/relations",
          "modified": "2025-05-14T21:18:36.989000",
          "created": "2024-04-21T01:46:28.554000",
          "tags": [
            "jeleniej grze",
            "aktualnoci",
            "informacje",
            "jednostka",
            "rejonowy",
            "konkurs",
            "najczciej",
            "sd rejonowy",
            "przejd",
            "czytaj",
            "click",
            "sdzia jarosaw",
            "wydziau",
            "sdzia grzegorz",
            "katarzyna",
            "rudnicka dane",
            "kontaktowe sd",
            "jelenia gra",
            "mickiewicza",
            "zawarto",
            "html",
            "nazwa meta",
            "robotw",
            "telefon",
            "brak",
            "skala",
            "ua zgodna",
            "head body",
            "zasb",
            "cname",
            "kod odpowiedzi",
            "kodowanie treci",
            "wygasa",
            "gmt serwer",
            "pragma",
            "kontrola pamici",
            "podrcznej",
            "data",
            "gmt kontrola",
            "dostpuzezwl na",
            "czytaj wicej",
            "sd okrgowy",
            "jednostki",
            "okrgowy",
            "ogoszenia",
            "sha256",
            "vhash",
            "ssdeep",
            "https odcisk",
            "palca jarma",
            "https dane",
            "v3 numer",
            "odcisk palca",
            "tworzy katalog",
            "tworzy pliki",
            "typ pliku",
            "json",
            "ascii",
            "windows",
            "sqlite",
            "foxpro fpt",
            "links typ",
            "mapa",
            "152 x",
            "sqlite w",
            "sha1",
            "sha512",
            "file size",
            "b file",
            "testing",
            "komornik sdowy",
            "sdzie rejonowym",
            "tomasz rodacki",
            "obwieszczenie",
            "komornicze",
            "tumacza migam",
            "tumacz czynny",
            "zamknite",
            "wiadczenia",
            "schedule",
            "error",
            "javascript",
            "bakers hall",
            "ixaction",
            "script",
            "ixchatlauncher",
            "compatibility",
            "com dla",
            "t1055 pewno",
            "unikanie obrony",
            "t1036 maskarada",
            "t1082 pewno",
            "informacje o",
            "nazwa pliku",
            "dokument pdf",
            "rozmiar pliku",
            "zapowied",
            "type",
            "iii dbt",
            "utf8",
            "dziennik"
          ],
          "references": [
            "S?d Rejonowy w Jeleniej G\u00f3rze.htm",
            "II Wydzia? Karny - S?d Rejonowy w Jeleniej G\u00f3rze 1.htm",
            "http://www.jelenia-gora.so.gov.pl/",
            "https://www.jelenia-gora.so.gov.pl/",
            "http://www.jelenia-gora.sr.gov.pl/ogloszenia-komornicze",
            "https://tlumacz.migam.org/sad_rejonowy_jelenia_gora",
            "https://www.jelenia-gora.sr.gov.pl/spacer",
            "https://waf.intelix.pl/957476/Chat/Script/Compatibility"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [
            {
              "id": "",
              "display_name": "",
              "target": null
            },
            {
              "id": "serwer",
              "display_name": "serwer",
              "target": null
            }
          ],
          "attack_ids": [
            {
              "id": "T1036",
              "name": "Masquerading",
              "display_name": "T1036 - Masquerading"
            },
            {
              "id": "T1055",
              "name": "Process Injection",
              "display_name": "T1055 - Process Injection"
            },
            {
              "id": "T1082",
              "name": "System Information Discovery",
              "display_name": "T1082 - System Information Discovery"
            },
            {
              "id": "T1566",
              "name": "Phishing",
              "display_name": "T1566 - Phishing"
            },
            {
              "id": "T1553",
              "name": "Subvert Trust Controls",
              "display_name": "T1553 - Subvert Trust Controls"
            }
          ],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 24,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "Arek-BTC",
            "id": "212764",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "email": 71,
            "domain": 7651,
            "hostname": 7680,
            "IPv4": 331,
            "FileHash-SHA256": 16168,
            "URL": 10399,
            "FileHash-MD5": 3639,
            "FileHash-SHA1": 3468,
            "CIDR": 4,
            "CVE": 89,
            "YARA": 521,
            "SSLCertFingerprint": 25,
            "JA3": 1,
            "IPv6": 5813
          },
          "indicator_count": 55860,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 141,
          "modified_text": "339 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        },
        {
          "id": "6647908c09468f42bc1249f1",
          "name": "University of Alberta Azure/Entra Compromised Tenant Compromized Institution",
          "description": "Update: Academic/Non-Academic Staff Unions, 3rd party org, & some profs/students/alumni tried raising concerns to Admins/President/IST & CISO => Maintaining position they will not be looking into reported problems re: Cybersecurity under any circumstances = more time more problems? Attempts to advocate -> Harrass./Discrim./De-humanizing responses from admins (representing all folks - recorded). \nTenant ID: 718b8a9b-44d8-441a-a344-4294ea842172 = This pulse is 1 example (small) of problems.\n\nPrimary domain\nualbertaca.onmicrosoft.com\nCustom Domain Names\nualberta.ca\nVerified\nualbertaca.onmicrosoft.com",
          "modified": "2025-03-01T04:59:57.222000",
          "created": "2024-05-17T17:14:52.317000",
          "tags": [
            "false",
            "true",
            "visible",
            "application",
            "microsoft teams",
            "microsoft azure",
            "office",
            "service",
            "dynamics",
            "hidden",
            "android",
            "explorer",
            "write",
            "connector",
            "test",
            "sharepoint",
            "live",
            "meister",
            "tools",
            "desktop",
            "spark",
            "front",
            "enterprise",
            "designer",
            "atlas",
            "premium",
            "assistant",
            "allow",
            "azureadmyorg",
            "game",
            "verify",
            "microsoft power",
            "channelsurfcli",
            "mtd1",
            "file transfer",
            "magnus",
            "microsoft crm",
            "youth"
          ],
          "references": [
            "All - EnterpriseAppsList.csv",
            "AppRegistrationList.csv",
            "https://tria.ge/240517-vc7c1shc62/behavioral1",
            "https://tria.ge/240517-vdwb5shc71/behavioral1",
            "https://tria.ge/240517-vqxezaaa33/behavioral1",
            "https://tria.ge/240517-t9pc2ahb2t",
            "https://www.virustotal.com/graph/embed/g9453a2f58a3340f18120987c2b4d710dbb44ded88c434abf8894458a98c7bd4b?theme=dark",
            "https://www.virustotal.com/gui/collection/b84a19d60ec7cd6d546a3f145dff8987128d0f499161118b46de22718d4713cd/iocs",
            "https://www.virustotal.com/gui/collection/b84a19d60ec7cd6d546a3f145dff8987128d0f499161118b46de22718d4713cd/graph",
            "https://www.virustotal.com/gui/collection/b84a19d60ec7cd6d546a3f145dff8987128d0f499161118b46de22718d4713cd/summary",
            "https://www.filescan.io/uploads/66479b483313f70f0afe3dbb",
            "https://www.filescan.io/uploads/664799c9d5c40bffee6106d7",
            "Thor Scan: S-I9VvMTB6cZU",
            "https://www.filescan.io/uploads/664ba368d5c40bffee63b1ee/reports/31817751-6b5d-45df-8813-472aa6c756a3/overview",
            "https://www.filescan.io/uploads/664ba8a20663ff3c2ec6428a/reports/09d3d82a-7ec1-4804-93e5-5ae691fbb7f2/overview",
            "https://imp0rtp3.wordpress.com/2021/08/12/tetris/",
            "https://www.filescan.io/uploads/664bb0cd7c9fb1468fc610c5/reports/00c78e4d-2156-4906-a106-ebf7e2723251/overview",
            "https://www.filescan.io/uploads/664bb40fbc04dffa92240ca2/reports/398074f2-c7b6-40e9-9b5c-4225cc990473/overview",
            "https://www.filescan.io/uploads/664bb683bc04dffa92241015/reports/92b70fd6-97d7-4386-8465-f3fd79043843/overview",
            "https://tria.ge/240521-q4s79agb25/static1",
            "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/664f906322f5af13cdfb50be",
            "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/664f906222f5af13cdfb5093",
            "https://www.filescan.io/uploads/666d69ff6b8dba248b414767/reports/dda2c8a1-96fd-4c00-9cbc-c64c4685a804/overview",
            "https://www.filescan.io/uploads/666d69ff6b8dba248b414767",
            "https://viz.greynoise.io/analysis/33e9b33b-b932-4c43-9be1-3e2d6f9cb4b3",
            "https://viz.greynoise.io/analysis/e51d9a15-d802-4d51-9a70-17803dc2693a",
            "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d01d2b67682d81c00f37b",
            "Above Malcore Strings: All - EnterpriseAppsList, AppRegistration, EnterpriseAppslist, exportGroup, exportUsers, HiddenApps - EnterpriseAppsList****",
            "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d00975ea31558d54fceea",
            "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667cff1a5ea31558d54fcbf6",
            "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d0107b44401771de9ebf2",
            "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d00356dd8f43b723a915a",
            "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667cffec5ea31558d54fcda2",
            "https://www.hudsonrock.com/search?domain=ualberta.ca",
            "https://www.criminalip.io/domain/report?scan_id=13798622",
            "https://viz.greynoise.io/analysis/9635144c-db8f-47ab-a83a-5785602244cf - 07.03.24",
            "https://urlscan.io/search/#ualberta.ca",
            "https://www.virustotal.com/gui/collection/0ca12fcdd125ec5a5055180ee828b98d47b8b2e920660be559c2b602266b6b1d/iocs",
            "https://sitereport.netcraft.com/?url=http://ualberta.ca",
            "https://www.wordfence.com/blog/2022/10/threat-advisory-monitoring-cve-2022-42889-text4shell-exploit-attempts/",
            "https://tenantresolution.pingcastle.com/Search - Tenant still active (07.19.24) - Good jobs ya'll",
            "https://www.virustotal.com/graph/embed/gf1d5aa209c7f4fd086e4cb17dcd0af52421ea4bae87d49fe9b4076b382612f0e?theme=dark",
            "https://viz.greynoise.io/query/AS36351%20classification:%22malicious%22",
            "https://viz.greynoise.io/query/AS60068%20classification:%22malicious%22",
            "https://viz.greynoise.io/query/AS8075%20classification:%22malicious%22",
            "https://viz.greynoise.io/query/AS15169%20classification:%22malicious%22",
            "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d01d2b67682d81c00f37b - https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d01d2b67682d81c00f37b = Hidden Apps - Enterprise Apps List"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [
            "United States of America",
            "Canada"
          ],
          "malware_families": [],
          "attack_ids": [],
          "industries": [
            "Education",
            "Technology",
            "Healthcare",
            "Telecommunications",
            "Government"
          ],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 25,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 7,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "Disable_Duck",
            "id": "244325",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-MD5": 1703,
            "FileHash-SHA256": 90472,
            "URL": 99185,
            "domain": 82954,
            "hostname": 39041,
            "FileHash-SHA1": 1624,
            "email": 4658,
            "CVE": 12
          },
          "indicator_count": 319649,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 139,
          "modified_text": "414 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        },
        {
          "id": "663d2869e0f3a42bbddc42ff",
          "name": "UPX executable packer.",
          "description": "A new rule has been introduced  a \"suspicious\" ELF binary that is packed with the UPX executable packer.\nSuggested ATT&CK IDs: rule SUSP_ELF_LNX_UPX_Compressed_File { meta: description = \"Detects a suspicious ELF binary with UPX compression\" author = \"Florian Roth (Nextron Systems)\" reference = \"Internal Research\" date = \"2018-12-12\" score = 40 hash1 = \"038ff8b2fef16f8ee9d70e6c219c5f380afe1a21761791e8cbda21fa4d09fdb4\" id = \"078937de-59b3-538e-a5c3-57f4e6050212\" strings: $s1 = \"PROT_EXEC|PROT_WRITE failed.\" fullword ascii $s2 = \"$Id: UPX\" fullword ascii $s3 = \"$Info: This file is packed with the UPX executable packer\" ascii $fp1 = \"check your UCL installation !\"",
          "modified": "2024-10-14T00:01:17.069000",
          "created": "2024-05-09T19:47:53.786000",
          "tags": [
            "cioch adrian",
            "centrum usug",
            "sieciowych",
            "elf binary",
            "upx compression",
            "roth",
            "nextron",
            "info",
            "javascript",
            "html",
            "office open",
            "xml document",
            "network capture",
            "win32 exe",
            "xml pakietu",
            "pdf zestawy",
            "przechwytywanie",
            "office",
            "filehashsha1",
            "url https",
            "cve cve20201070",
            "cve cve20203153",
            "cve cve20201048",
            "cve cve20211732",
            "cve20201048 apr",
            "filehashmd5",
            "cve cve20010901",
            "cve cve20021841",
            "cve20153202 apr",
            "cve cve20160728",
            "cve cve20161807",
            "cve cve20175123",
            "cve20185407 apr",
            "cve cve20054605",
            "cve cve20060745",
            "cve cve20070452",
            "cve cve20070453",
            "cve cve20070454",
            "cve cve20071355",
            "cve cve20071358",
            "cve cve20071871",
            "cve20149614 apr",
            "cve cve20151503",
            "cve cve20152080",
            "cve cve20157377",
            "cve cve20170131",
            "cve20200796 may",
            "cve cve20113403"
          ],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [
            {
              "id": "T1027",
              "name": "Obfuscated Files or Information",
              "display_name": "T1027 - Obfuscated Files or Information"
            }
          ],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 6861,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "Arek-BTC",
            "id": "212764",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "hostname": 5771,
            "domain": 3139,
            "URL": 14525,
            "FileHash-SHA1": 2610,
            "IPv4": 108,
            "CIDR": 40,
            "FileHash-SHA256": 10705,
            "FileHash-MD5": 3373,
            "YARA": 2,
            "CVE": 148,
            "Mutex": 7,
            "FilePath": 3,
            "SSLCertFingerprint": 3,
            "email": 23,
            "JA3": 1,
            "IPv6": 2
          },
          "indicator_count": 40460,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 137,
          "modified_text": "552 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        }
      ],
      "references": [
        "https://www.virustotal.com/gui/collection/b84a19d60ec7cd6d546a3f145dff8987128d0f499161118b46de22718d4713cd/summary",
        "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d01d2b67682d81c00f37b - https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d01d2b67682d81c00f37b = Hidden Apps - Enterprise Apps List",
        "https://sitereport.netcraft.com/?url=http://ualberta.ca",
        "https://viz.greynoise.io/query/AS15169%20classification:%22malicious%22",
        "https://tria.ge/240517-vc7c1shc62/behavioral1",
        "https://tenantresolution.pingcastle.com/Search - Tenant still active (07.19.24) - Good jobs ya'll",
        "All - EnterpriseAppsList.csv",
        "https://www.filescan.io/uploads/666d69ff6b8dba248b414767/reports/dda2c8a1-96fd-4c00-9cbc-c64c4685a804/overview",
        "https://www.filescan.io/uploads/664799c9d5c40bffee6106d7",
        "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667cff1a5ea31558d54fcbf6",
        "https://tria.ge/240517-vdwb5shc71/behavioral1",
        "https://www.virustotal.com/gui/collection/b84a19d60ec7cd6d546a3f145dff8987128d0f499161118b46de22718d4713cd/graph",
        "https://www.filescan.io/uploads/664bb0cd7c9fb1468fc610c5/reports/00c78e4d-2156-4906-a106-ebf7e2723251/overview",
        "https://www.virustotal.com/gui/collection/b84a19d60ec7cd6d546a3f145dff8987128d0f499161118b46de22718d4713cd/iocs",
        "http://www.jelenia-gora.sr.gov.pl/ogloszenia-komornicze",
        "https://imp0rtp3.wordpress.com/2021/08/12/tetris/",
        "https://www.filescan.io/uploads/666d69ff6b8dba248b414767",
        "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d00356dd8f43b723a915a",
        "https://www.criminalip.io/domain/report?scan_id=13798622",
        "https://tlumacz.migam.org/sad_rejonowy_jelenia_gora",
        "https://waf.intelix.pl/957476/Chat/Script/Compatibility",
        "https://viz.greynoise.io/analysis/e51d9a15-d802-4d51-9a70-17803dc2693a",
        "https://viz.greynoise.io/analysis/33e9b33b-b932-4c43-9be1-3e2d6f9cb4b3",
        "https://www.hudsonrock.com/search?domain=ualberta.ca",
        "https://www.jelenia-gora.so.gov.pl/",
        "http://www.jelenia-gora.so.gov.pl/",
        "https://www.filescan.io/uploads/664bb683bc04dffa92241015/reports/92b70fd6-97d7-4386-8465-f3fd79043843/overview",
        "https://viz.greynoise.io/analysis/9635144c-db8f-47ab-a83a-5785602244cf - 07.03.24",
        "https://www.filescan.io/uploads/664bb40fbc04dffa92240ca2/reports/398074f2-c7b6-40e9-9b5c-4225cc990473/overview",
        "II Wydzia? Karny - S?d Rejonowy w Jeleniej G\u00f3rze 1.htm",
        "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/664f906222f5af13cdfb5093",
        "Thor Scan: S-I9VvMTB6cZU",
        "https://www.loldrivers.io/js/bundle.7cd1a644ff4540d19bfa43f193df74afce746a0213920f45d73bf720542f682d81b6ad0320242744d332512cfb63eac5790fab1a240d6e6c8cb89f25fcacfbd7.js",
        "https://www.filescan.io/uploads/664ba8a20663ff3c2ec6428a/reports/09d3d82a-7ec1-4804-93e5-5ae691fbb7f2/overview",
        "S?d Rejonowy w Jeleniej G\u00f3rze.htm",
        "https://viz.greynoise.io/query/AS36351%20classification:%22malicious%22",
        "https://www.virustotal.com/gui/collection/0ca12fcdd125ec5a5055180ee828b98d47b8b2e920660be559c2b602266b6b1d/iocs",
        "https://www.wordfence.com/blog/2022/10/threat-advisory-monitoring-cve-2022-42889-text4shell-exploit-attempts/",
        "https://www.jelenia-gora.sr.gov.pl/spacer",
        "https://tria.ge/240521-q4s79agb25/static1",
        "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/664f906322f5af13cdfb50be",
        "https://www.filescan.io/uploads/66479b483313f70f0afe3dbb",
        "Above Malcore Strings: All - EnterpriseAppsList, AppRegistration, EnterpriseAppslist, exportGroup, exportUsers, HiddenApps - EnterpriseAppsList****",
        "https://www.loldrivers.io/js/chart.min.js",
        "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667cffec5ea31558d54fcda2",
        "https://www.loldrivers.io/favicons/browserconfig.xml",
        "https://www.virustotal.com/graph/embed/gf1d5aa209c7f4fd086e4cb17dcd0af52421ea4bae87d49fe9b4076b382612f0e?theme=dark",
        "https://urlscan.io/search/#ualberta.ca",
        "https://viz.greynoise.io/query/AS8075%20classification:%22malicious%22",
        "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d00975ea31558d54fceea",
        "https://tria.ge/240517-t9pc2ahb2t",
        "https://viz.greynoise.io/query/AS60068%20classification:%22malicious%22",
        "https://www.virustotal.com/graph/embed/g9453a2f58a3340f18120987c2b4d710dbb44ded88c434abf8894458a98c7bd4b?theme=dark",
        "https://www.filescan.io/uploads/664ba368d5c40bffee63b1ee/reports/31817751-6b5d-45df-8813-472aa6c756a3/overview",
        "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d0107b44401771de9ebf2",
        "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d01d2b67682d81c00f37b",
        "https://tria.ge/240517-vqxezaaa33/behavioral1",
        "https://loldrivers.io/",
        "AppRegistrationList.csv"
      ],
      "related": {
        "alienvault": {
          "adversary": [],
          "malware_families": [],
          "industries": [],
          "unique_indicators": 0
        },
        "other": {
          "adversary": [],
          "malware_families": [
            "",
            "Serwer"
          ],
          "industries": [
            "Education",
            "Healthcare",
            "Technology",
            "Telecommunications",
            "Government"
          ],
          "unique_indicators": 123850
        }
      }
    },
    "false_positive": [],
    "alexa": "http://www.alexa.com/siteinfo/event.target",
    "whois": "http://whois.domaintools.com/event.target",
    "domain": "event.target",
    "hostname": "o.event.target"
  },
  "geo": {},
  "geo_ipapicom": {},
  "pulse_count": 6,
  "pulses": [
    {
      "id": "69cc876e1a85eb578af3460c",
      "name": "Gatsby.",
      "description": "The results of an analysis of data gathered from a single web address are published on the website of the University of California, San Francisco, as part of its 2016/17 Research into Open Access.<pretext.fb43553d906781edd1ae894cf50d7735a1207fcad1123eb837d55eb4d448fed4",
      "modified": "2026-04-13T23:15:43.048000",
      "created": "2026-04-01T02:48:14.165000",
      "tags": [
        "a nxdomain",
        "unknown",
        "ip address",
        "domain",
        "present jun",
        "files",
        "ip related",
        "pulses otx",
        "pulses",
        "tags",
        "number",
        "ja3s",
        "get http",
        "ja3 client",
        "ja3 server",
        "ssdeep",
        "file type",
        "magic ascii",
        "crlf line",
        "trid digital",
        "unix",
        "cache entry",
        "zstandard",
        "dictionary id",
        "extra info",
        "process",
        "performs dns",
        "urls",
        "domain ip",
        "tls version",
        "https"
      ],
      "references": [],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [],
      "TLP": "green",
      "cloned_from": null,
      "export_count": 1,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "msudosos",
        "id": "381696",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "URL": 272,
        "domain": 168,
        "hostname": 281,
        "FileHash-MD5": 170,
        "FileHash-SHA1": 51,
        "FileHash-SHA256": 113,
        "IPv4": 14,
        "email": 6
      },
      "indicator_count": 1075,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 49,
      "modified_text": "5 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "URL",
      "related_indicator_is_active": 1
    },
    {
      "id": "6842489989d6db4d41fd8322",
      "name": "Vulnerable Driver Load",
      "description": "Here is the full list of malicious Windows drivers, which can be blocked with the help of a special tool, or a built-in system, if you want to know what to do with it.",
      "modified": "2025-07-06T01:00:17.231000",
      "created": "2025-06-06T01:47:05.317000",
      "tags": [
        "malicious",
        "vulnerable",
        "living",
        "land drivers",
        "premium",
        "windows",
        "feel",
        "strong",
        "json",
        "sysmon",
        "subdomains",
        "whasz",
        "html internet",
        "magia dokument",
        "html",
        "ascii",
        "z bardzo",
        "triid plik",
        "magika html",
        "rozmiar",
        "zgoszenie",
        "error",
        "100255",
        "255100",
        "number",
        "e100",
        "100i100n",
        "65535255",
        "25565535",
        "mmm d",
        "typeof window",
        "null",
        "bubble",
        "radar",
        "false",
        "click",
        "isitem",
        "dark",
        "copy",
        "shell",
        "panelbox",
        "document",
        "code",
        "body",
        "light",
        "mark",
        "date",
        "scroll",
        "target",
        "blank",
        "back",
        "main",
        "lowfi"
      ],
      "references": [
        "https://loldrivers.io/",
        "https://www.loldrivers.io/js/chart.min.js",
        "https://www.loldrivers.io/js/bundle.7cd1a644ff4540d19bfa43f193df74afce746a0213920f45d73bf720542f682d81b6ad0320242744d332512cfb63eac5790fab1a240d6e6c8cb89f25fcacfbd7.js",
        "https://www.loldrivers.io/favicons/browserconfig.xml"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [
        {
          "id": "T1140",
          "name": "Deobfuscate/Decode Files or Information",
          "display_name": "T1140 - Deobfuscate/Decode Files or Information"
        }
      ],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 20,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "Arek-BTC",
        "id": "212764",
        "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-MD5": 1885,
        "FileHash-SHA1": 1367,
        "FileHash-SHA256": 1615,
        "hostname": 214,
        "domain": 52,
        "URL": 468,
        "CVE": 2
      },
      "indicator_count": 5603,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 123,
      "modified_text": "287 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "URL",
      "related_indicator_is_active": 1
    },
    {
      "id": "67a7f06a5d0f22ad92684646",
      "name": "WebForm.com.gov.pl/CEIDG/ScriptResource.axd",
      "description": "The following is the full text of the WebForm.com.gov.pl/CEIDG/ScriptResource.axd, following the following:.au, for the first time.",
      "modified": "2025-05-14T21:27:17.040000",
      "created": "2025-02-09T00:01:46.054000",
      "tags": [
        "null",
        "nie mona",
        "array",
        "input",
        "nonmsdombrowser",
        "object",
        "html",
        "component",
        "body",
        "horizontal",
        "date",
        "calendar",
        "february",
        "april",
        "june",
        "august",
        "iframe",
        "form",
        "friday",
        "explorer",
        "target",
        "error",
        "legend",
        "this",
        "type",
        "regexp",
        "elem",
        "index",
        "function",
        "handle",
        "check",
        "safari",
        "expando",
        "android",
        "false",
        "hooks",
        "copy",
        "prop",
        "class",
        "mark",
        "window",
        "code",
        "capture",
        "accept",
        "seed",
        "override",
        "hook",
        "look",
        "loop",
        "install",
        "pass",
        "enough",
        "bind",
        "core",
        "local",
        "verify",
        "done",
        "find",
        "internal",
        "inject",
        "possible",
        "hold",
        "middle",
        "guard",
        "fall",
        "stop",
        "panic",
        "back",
        "restrict",
        "speed",
        "turn",
        "grab",
        "getclass",
        "jquery",
        "bubble",
        "anchor",
        "shift"
      ],
      "references": [],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [
        {
          "id": "T1134",
          "name": "Access Token Manipulation",
          "display_name": "T1134 - Access Token Manipulation"
        },
        {
          "id": "T1027",
          "name": "Obfuscated Files or Information",
          "display_name": "T1027 - Obfuscated Files or Information"
        },
        {
          "id": "T1059",
          "name": "Command and Scripting Interpreter",
          "display_name": "T1059 - Command and Scripting Interpreter"
        }
      ],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 13,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "Arek-BTC",
        "id": "212764",
        "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "URL": 1143,
        "domain": 155,
        "hostname": 523,
        "FileHash-SHA256": 151
      },
      "indicator_count": 1972,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 122,
      "modified_text": "339 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "URL",
      "related_indicator_is_active": 1
    },
    {
      "id": "66246ff49ed29ea9bb2bf122",
      "name": "S\u0105d Rejonowy w Jeleniej Gorze  POLAND",
      "description": "Przechowywania lub dost\u0119pu do plik\u00f3w cookies w Twojej przegl\u0105darce\nhttps://www.virustotal.com/gui/domain/jelenia-gora.sr.gov.pl/relations",
      "modified": "2025-05-14T21:18:36.989000",
      "created": "2024-04-21T01:46:28.554000",
      "tags": [
        "jeleniej grze",
        "aktualnoci",
        "informacje",
        "jednostka",
        "rejonowy",
        "konkurs",
        "najczciej",
        "sd rejonowy",
        "przejd",
        "czytaj",
        "click",
        "sdzia jarosaw",
        "wydziau",
        "sdzia grzegorz",
        "katarzyna",
        "rudnicka dane",
        "kontaktowe sd",
        "jelenia gra",
        "mickiewicza",
        "zawarto",
        "html",
        "nazwa meta",
        "robotw",
        "telefon",
        "brak",
        "skala",
        "ua zgodna",
        "head body",
        "zasb",
        "cname",
        "kod odpowiedzi",
        "kodowanie treci",
        "wygasa",
        "gmt serwer",
        "pragma",
        "kontrola pamici",
        "podrcznej",
        "data",
        "gmt kontrola",
        "dostpuzezwl na",
        "czytaj wicej",
        "sd okrgowy",
        "jednostki",
        "okrgowy",
        "ogoszenia",
        "sha256",
        "vhash",
        "ssdeep",
        "https odcisk",
        "palca jarma",
        "https dane",
        "v3 numer",
        "odcisk palca",
        "tworzy katalog",
        "tworzy pliki",
        "typ pliku",
        "json",
        "ascii",
        "windows",
        "sqlite",
        "foxpro fpt",
        "links typ",
        "mapa",
        "152 x",
        "sqlite w",
        "sha1",
        "sha512",
        "file size",
        "b file",
        "testing",
        "komornik sdowy",
        "sdzie rejonowym",
        "tomasz rodacki",
        "obwieszczenie",
        "komornicze",
        "tumacza migam",
        "tumacz czynny",
        "zamknite",
        "wiadczenia",
        "schedule",
        "error",
        "javascript",
        "bakers hall",
        "ixaction",
        "script",
        "ixchatlauncher",
        "compatibility",
        "com dla",
        "t1055 pewno",
        "unikanie obrony",
        "t1036 maskarada",
        "t1082 pewno",
        "informacje o",
        "nazwa pliku",
        "dokument pdf",
        "rozmiar pliku",
        "zapowied",
        "type",
        "iii dbt",
        "utf8",
        "dziennik"
      ],
      "references": [
        "S?d Rejonowy w Jeleniej G\u00f3rze.htm",
        "II Wydzia? Karny - S?d Rejonowy w Jeleniej G\u00f3rze 1.htm",
        "http://www.jelenia-gora.so.gov.pl/",
        "https://www.jelenia-gora.so.gov.pl/",
        "http://www.jelenia-gora.sr.gov.pl/ogloszenia-komornicze",
        "https://tlumacz.migam.org/sad_rejonowy_jelenia_gora",
        "https://www.jelenia-gora.sr.gov.pl/spacer",
        "https://waf.intelix.pl/957476/Chat/Script/Compatibility"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [
        {
          "id": "",
          "display_name": "",
          "target": null
        },
        {
          "id": "serwer",
          "display_name": "serwer",
          "target": null
        }
      ],
      "attack_ids": [
        {
          "id": "T1036",
          "name": "Masquerading",
          "display_name": "T1036 - Masquerading"
        },
        {
          "id": "T1055",
          "name": "Process Injection",
          "display_name": "T1055 - Process Injection"
        },
        {
          "id": "T1082",
          "name": "System Information Discovery",
          "display_name": "T1082 - System Information Discovery"
        },
        {
          "id": "T1566",
          "name": "Phishing",
          "display_name": "T1566 - Phishing"
        },
        {
          "id": "T1553",
          "name": "Subvert Trust Controls",
          "display_name": "T1553 - Subvert Trust Controls"
        }
      ],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 24,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "Arek-BTC",
        "id": "212764",
        "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "email": 71,
        "domain": 7651,
        "hostname": 7680,
        "IPv4": 331,
        "FileHash-SHA256": 16168,
        "URL": 10399,
        "FileHash-MD5": 3639,
        "FileHash-SHA1": 3468,
        "CIDR": 4,
        "CVE": 89,
        "YARA": 521,
        "SSLCertFingerprint": 25,
        "JA3": 1,
        "IPv6": 5813
      },
      "indicator_count": 55860,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 141,
      "modified_text": "339 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "URL",
      "related_indicator_is_active": 1
    },
    {
      "id": "6647908c09468f42bc1249f1",
      "name": "University of Alberta Azure/Entra Compromised Tenant Compromized Institution",
      "description": "Update: Academic/Non-Academic Staff Unions, 3rd party org, & some profs/students/alumni tried raising concerns to Admins/President/IST & CISO => Maintaining position they will not be looking into reported problems re: Cybersecurity under any circumstances = more time more problems? Attempts to advocate -> Harrass./Discrim./De-humanizing responses from admins (representing all folks - recorded). \nTenant ID: 718b8a9b-44d8-441a-a344-4294ea842172 = This pulse is 1 example (small) of problems.\n\nPrimary domain\nualbertaca.onmicrosoft.com\nCustom Domain Names\nualberta.ca\nVerified\nualbertaca.onmicrosoft.com",
      "modified": "2025-03-01T04:59:57.222000",
      "created": "2024-05-17T17:14:52.317000",
      "tags": [
        "false",
        "true",
        "visible",
        "application",
        "microsoft teams",
        "microsoft azure",
        "office",
        "service",
        "dynamics",
        "hidden",
        "android",
        "explorer",
        "write",
        "connector",
        "test",
        "sharepoint",
        "live",
        "meister",
        "tools",
        "desktop",
        "spark",
        "front",
        "enterprise",
        "designer",
        "atlas",
        "premium",
        "assistant",
        "allow",
        "azureadmyorg",
        "game",
        "verify",
        "microsoft power",
        "channelsurfcli",
        "mtd1",
        "file transfer",
        "magnus",
        "microsoft crm",
        "youth"
      ],
      "references": [
        "All - EnterpriseAppsList.csv",
        "AppRegistrationList.csv",
        "https://tria.ge/240517-vc7c1shc62/behavioral1",
        "https://tria.ge/240517-vdwb5shc71/behavioral1",
        "https://tria.ge/240517-vqxezaaa33/behavioral1",
        "https://tria.ge/240517-t9pc2ahb2t",
        "https://www.virustotal.com/graph/embed/g9453a2f58a3340f18120987c2b4d710dbb44ded88c434abf8894458a98c7bd4b?theme=dark",
        "https://www.virustotal.com/gui/collection/b84a19d60ec7cd6d546a3f145dff8987128d0f499161118b46de22718d4713cd/iocs",
        "https://www.virustotal.com/gui/collection/b84a19d60ec7cd6d546a3f145dff8987128d0f499161118b46de22718d4713cd/graph",
        "https://www.virustotal.com/gui/collection/b84a19d60ec7cd6d546a3f145dff8987128d0f499161118b46de22718d4713cd/summary",
        "https://www.filescan.io/uploads/66479b483313f70f0afe3dbb",
        "https://www.filescan.io/uploads/664799c9d5c40bffee6106d7",
        "Thor Scan: S-I9VvMTB6cZU",
        "https://www.filescan.io/uploads/664ba368d5c40bffee63b1ee/reports/31817751-6b5d-45df-8813-472aa6c756a3/overview",
        "https://www.filescan.io/uploads/664ba8a20663ff3c2ec6428a/reports/09d3d82a-7ec1-4804-93e5-5ae691fbb7f2/overview",
        "https://imp0rtp3.wordpress.com/2021/08/12/tetris/",
        "https://www.filescan.io/uploads/664bb0cd7c9fb1468fc610c5/reports/00c78e4d-2156-4906-a106-ebf7e2723251/overview",
        "https://www.filescan.io/uploads/664bb40fbc04dffa92240ca2/reports/398074f2-c7b6-40e9-9b5c-4225cc990473/overview",
        "https://www.filescan.io/uploads/664bb683bc04dffa92241015/reports/92b70fd6-97d7-4386-8465-f3fd79043843/overview",
        "https://tria.ge/240521-q4s79agb25/static1",
        "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/664f906322f5af13cdfb50be",
        "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/664f906222f5af13cdfb5093",
        "https://www.filescan.io/uploads/666d69ff6b8dba248b414767/reports/dda2c8a1-96fd-4c00-9cbc-c64c4685a804/overview",
        "https://www.filescan.io/uploads/666d69ff6b8dba248b414767",
        "https://viz.greynoise.io/analysis/33e9b33b-b932-4c43-9be1-3e2d6f9cb4b3",
        "https://viz.greynoise.io/analysis/e51d9a15-d802-4d51-9a70-17803dc2693a",
        "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d01d2b67682d81c00f37b",
        "Above Malcore Strings: All - EnterpriseAppsList, AppRegistration, EnterpriseAppslist, exportGroup, exportUsers, HiddenApps - EnterpriseAppsList****",
        "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d00975ea31558d54fceea",
        "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667cff1a5ea31558d54fcbf6",
        "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d0107b44401771de9ebf2",
        "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d00356dd8f43b723a915a",
        "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667cffec5ea31558d54fcda2",
        "https://www.hudsonrock.com/search?domain=ualberta.ca",
        "https://www.criminalip.io/domain/report?scan_id=13798622",
        "https://viz.greynoise.io/analysis/9635144c-db8f-47ab-a83a-5785602244cf - 07.03.24",
        "https://urlscan.io/search/#ualberta.ca",
        "https://www.virustotal.com/gui/collection/0ca12fcdd125ec5a5055180ee828b98d47b8b2e920660be559c2b602266b6b1d/iocs",
        "https://sitereport.netcraft.com/?url=http://ualberta.ca",
        "https://www.wordfence.com/blog/2022/10/threat-advisory-monitoring-cve-2022-42889-text4shell-exploit-attempts/",
        "https://tenantresolution.pingcastle.com/Search - Tenant still active (07.19.24) - Good jobs ya'll",
        "https://www.virustotal.com/graph/embed/gf1d5aa209c7f4fd086e4cb17dcd0af52421ea4bae87d49fe9b4076b382612f0e?theme=dark",
        "https://viz.greynoise.io/query/AS36351%20classification:%22malicious%22",
        "https://viz.greynoise.io/query/AS60068%20classification:%22malicious%22",
        "https://viz.greynoise.io/query/AS8075%20classification:%22malicious%22",
        "https://viz.greynoise.io/query/AS15169%20classification:%22malicious%22",
        "https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d01d2b67682d81c00f37b - https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d01d2b67682d81c00f37b = Hidden Apps - Enterprise Apps List"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [
        "United States of America",
        "Canada"
      ],
      "malware_families": [],
      "attack_ids": [],
      "industries": [
        "Education",
        "Technology",
        "Healthcare",
        "Telecommunications",
        "Government"
      ],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 25,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 7,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "Disable_Duck",
        "id": "244325",
        "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-MD5": 1703,
        "FileHash-SHA256": 90472,
        "URL": 99185,
        "domain": 82954,
        "hostname": 39041,
        "FileHash-SHA1": 1624,
        "email": 4658,
        "CVE": 12
      },
      "indicator_count": 319649,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 139,
      "modified_text": "414 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "URL",
      "related_indicator_is_active": 1
    },
    {
      "id": "663d2869e0f3a42bbddc42ff",
      "name": "UPX executable packer.",
      "description": "A new rule has been introduced  a \"suspicious\" ELF binary that is packed with the UPX executable packer.\nSuggested ATT&CK IDs: rule SUSP_ELF_LNX_UPX_Compressed_File { meta: description = \"Detects a suspicious ELF binary with UPX compression\" author = \"Florian Roth (Nextron Systems)\" reference = \"Internal Research\" date = \"2018-12-12\" score = 40 hash1 = \"038ff8b2fef16f8ee9d70e6c219c5f380afe1a21761791e8cbda21fa4d09fdb4\" id = \"078937de-59b3-538e-a5c3-57f4e6050212\" strings: $s1 = \"PROT_EXEC|PROT_WRITE failed.\" fullword ascii $s2 = \"$Id: UPX\" fullword ascii $s3 = \"$Info: This file is packed with the UPX executable packer\" ascii $fp1 = \"check your UCL installation !\"",
      "modified": "2024-10-14T00:01:17.069000",
      "created": "2024-05-09T19:47:53.786000",
      "tags": [
        "cioch adrian",
        "centrum usug",
        "sieciowych",
        "elf binary",
        "upx compression",
        "roth",
        "nextron",
        "info",
        "javascript",
        "html",
        "office open",
        "xml document",
        "network capture",
        "win32 exe",
        "xml pakietu",
        "pdf zestawy",
        "przechwytywanie",
        "office",
        "filehashsha1",
        "url https",
        "cve cve20201070",
        "cve cve20203153",
        "cve cve20201048",
        "cve cve20211732",
        "cve20201048 apr",
        "filehashmd5",
        "cve cve20010901",
        "cve cve20021841",
        "cve20153202 apr",
        "cve cve20160728",
        "cve cve20161807",
        "cve cve20175123",
        "cve20185407 apr",
        "cve cve20054605",
        "cve cve20060745",
        "cve cve20070452",
        "cve cve20070453",
        "cve cve20070454",
        "cve cve20071355",
        "cve cve20071358",
        "cve cve20071871",
        "cve20149614 apr",
        "cve cve20151503",
        "cve cve20152080",
        "cve cve20157377",
        "cve cve20170131",
        "cve20200796 may",
        "cve cve20113403"
      ],
      "references": [],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [
        {
          "id": "T1027",
          "name": "Obfuscated Files or Information",
          "display_name": "T1027 - Obfuscated Files or Information"
        }
      ],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 6861,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "Arek-BTC",
        "id": "212764",
        "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "hostname": 5771,
        "domain": 3139,
        "URL": 14525,
        "FileHash-SHA1": 2610,
        "IPv4": 108,
        "CIDR": 40,
        "FileHash-SHA256": 10705,
        "FileHash-MD5": 3373,
        "YARA": 2,
        "CVE": 148,
        "Mutex": 7,
        "FilePath": 3,
        "SSLCertFingerprint": 3,
        "email": 23,
        "JA3": 1,
        "IPv6": 2
      },
      "indicator_count": 40460,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 137,
      "modified_text": "552 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "URL",
      "related_indicator_is_active": 1
    }
  ],
  "error": null,
  "vt": {
    "error": "VirusTotal rate limit reached. Try again shortly.",
    "indicator": "https://o.event.target",
    "type": "URL"
  },
  "abuseipdb": null,
  "urlhaus": {
    "indicator": "https://o.event.target",
    "type": "URL",
    "found": false,
    "verdict": "clean",
    "error": null
  },
  "from_cache": true,
  "_cached_at": 1776616680.0457995
}